Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

System and a method for identifying the presence of malware and ransomware using mini-traps set at network endpoints

a network endpoint and malware technology, applied in the field of computer threats, can solve the problems of false positives and/or false negatives, the current security mechanism is generally inability to cope, and the malware signature is changed

Active Publication Date: 2016-11-03
FIDELIS SECURITY LLC +1
View PDF2 Cites 54 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Benefits of technology

The patent describes a system for identifying the presence of ransomware on a network and trapping it. The system includes a plurality of resources connected to a network, a decoy drive with decoy files, and a manager node for managing the placement of the decoy drive and associating it with a specific process. When ransomware accesses the decoy drive and encrypts the decoy files, the decoy drive continuously provides additional decoy files to the ransomware, which helps to identify and terminate the specific process running the ransomware. The technical effect of the invention is to provide a method for identifying and trapping ransomware on a network, which can help to protect against ransomware attacks.

Problems solved by technology

Advanced persistent threats, such as computer viruses, computer worms, Trojan horses, and other malware, particularly when infecting endpoints in an organization's network, are some of the most crucial security problems for many organizations.
Current security mechanisms are generally unable to cope with, and to prevent, infectious attacks, and as a result attackers, such as hackers, crackers, and cyber-terrorists, are able to insert malware into the networks of such organizations.
However, malware signatures are changed, added and mutated constantly, and signature analysis tools typically cannot keep up with the changing malware signatures, and therefore this method is far from failsafe.
However, this method requires collecting all the traffic to and from the organization, collecting data from assets inside the organization and the computational analysis methods used to implement this technique often trigger false positives and / or suffer from false negatives.
However, sandboxing often greatly slows down the flow of traffic in the network, due to the need to check every incoming piece of suspicious code.
Additionally, malware developers have found multiple different methods for circumventing or bypassing sandboxing technologies, thereby reducing the effectiveness of this technology.
However, these methods are not perfect because they make assumptions about the application which may be incorrect, because there are methods for the ransomware to evade these solutions, and / or because the solution introduces another agent on the endpoint.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • System and a method for identifying the presence of malware and ransomware using mini-traps set at network endpoints
  • System and a method for identifying the presence of malware and ransomware using mini-traps set at network endpoints
  • System and a method for identifying the presence of malware and ransomware using mini-traps set at network endpoints

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0049]The invention, in some embodiments, relates to the field of computer threats, and more specifically to methods and systems for identifying the presence of advanced persistent threats in a network and for trapping the threats.

[0050]The principles, uses and implementations of the teachings herein may be better understood with reference to the accompanying description and figures. Upon perusal of the description and figures present herein, one skilled in the art is able to implement the invention without undue effort or experimentation.

[0051]Before explaining at least one embodiment of the invention in detail, it is to be understood that the invention is not limited in its applications to the details of construction and the arrangement of the components and / or methods set forth in the following description and / or illustrated in the drawings and / or the Examples. The invention can be implemented with other embodiments and can be practiced or carried out in various ways. It is also ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

A system and a method for identifying the presence of ransomware on a network including a plurality of resources, and for trapping the ransomware therein.

Description

[0001]RELATED APPLICATION[0002]The present application is a Continuation in Part of U.S. patent application Ser. No. 14 / 844,844 filed Sep. 3, 2015 and entitled A SYSTEM AND A METHOD FOR IDENTIFYING THE PRESENCE OF MALWARE USING MINI-TRAPS SET AT NETWORK ENDPOINTS, which in turn gains priority from U.S. Provisional Patent Application No. 62 / 046,319 filed Sep. 5, 2014 and entitled A METHOD FOR IDENTIFYING THE PRESENCE OF MALWARE BY SETTING MINI-TRAPS IN NETWORK ENDPOINTS. Both applications are incorporated herein by reference as if fully set forth herein.FIELD AND BACKGROUND OF THE INVENTION[0003]The invention, in some embodiments, relates to the field of computer threats, and more specifically to methods and systems for identifying the presence of advanced persistent threats in a network and for trapping the threats.[0004]Advanced persistent threats, such as computer viruses, computer worms, Trojan horses, and other malware, particularly when infecting endpoints in an organization's ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(United States)
IPC IPC(8): H04L29/06
CPCH04L2463/146H04L63/1491H04L63/145
Inventor KOLTON, DORONMIZRAHI, RAMIZOHAR, OMERBEN-RABI, BENNYBARBALAT, ALEXGABAI, SHLOMI
Owner FIDELIS SECURITY LLC
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com